aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Zotlabs/Web/HTTPSig.php13
-rw-r--r--Zotlabs/Zot/Finger.php5
2 files changed, 13 insertions, 5 deletions
diff --git a/Zotlabs/Web/HTTPSig.php b/Zotlabs/Web/HTTPSig.php
index e9e262125..2b139a2a1 100644
--- a/Zotlabs/Web/HTTPSig.php
+++ b/Zotlabs/Web/HTTPSig.php
@@ -126,9 +126,16 @@ class HTTPSig {
function get_activitypub_key($id) {
- $x = q("select xchan_pubkey from xchan where xchan_hash = '%s' and xchan_network = 'activitypub' ",
- dbesc($id)
- );
+ if(strpos($id,'acct:') === 0) {
+ $x = q("select xchan_pubkey from xchan left join hubloc on xchan_hash = hubloc_hash where hubloc_addr = '%s' limit 1",
+ dbesc(str_replace('acct:','',$id))
+ );
+ }
+ else {
+ $x = q("select xchan_pubkey from xchan where xchan_hash = '%s' and xchan_network = 'activitypub' ",
+ dbesc($id)
+ );
+ }
if($x && $x[0]['xchan_pubkey']) {
return ($x[0]['xchan_pubkey']);
diff --git a/Zotlabs/Zot/Finger.php b/Zotlabs/Zot/Finger.php
index 865e78517..e205b136f 100644
--- a/Zotlabs/Zot/Finger.php
+++ b/Zotlabs/Zot/Finger.php
@@ -120,9 +120,10 @@ class Finger {
return $ret;
}
- $verify = \Zotlabs\Web\HTTPSig::verify($result);
-
$x = json_decode($result['body'], true);
+
+ $verify = \Zotlabs\Web\HTTPSig::verify($result,(($x) ? $x['key'] : '');
+
if($x && (! $verify['header_valid'])) {
$signed_token = ((is_array($x) && array_key_exists('signed_token', $x)) ? $x['signed_token'] : null);
if($signed_token) {